Posted by A-Jay Orr

7 Security Mistakes Employees Make Every Day

When Verizon released their Data Breach Investigations Report for 2014, they revealed an interesting statistic. About 58 percent of cyber security incidents in the public sector were caused by (drum roll, please)…

Employees.

34 percent of cases were accidental and 24 percent were malicious. BakerHostetler released a similar report for 2015 and according to their research:

You can encrypt your data and invest in the latest technologies to safeguard your organization, but what about employee oversights and internal ill-intent? It’s time to ask yourself — are your employees making these 7 security mistakes?

1. Not Changing Passwords

The obvious initial offense is failing to properly password protect company data. Here’s how they’re accidentally botching your business’s first line of defense (the last bullet point’s a big one):

Using weak passwords that are easy to guess

Forgetting to regularly change passwords

Repeatedly recycling the same passwords

Posting their password on a sticky note next to their monitor

Allowing browsers to memorize usernames and/or passwords

2. Not Reporting Oddities

Sometimes, our devices do weird things, and we chalk it up to a “glitch” or assume it’s some sort of normal technological inconsistency when in fact, it’s malware or a virus, silently boring a hole through your network. Educate your employees on how to recognize when oddities are a warning sign and urge them to immediately report the issues to your vCIO or IT department. And IT people…be nice to your co-workers, even if their questions are silly!

New programs appear in the add/remove programs section of your control panel

New favorites appear on your favorites toolbar

Performance issues occur within your Windows programs

Instead of receiving a 404 error page for unfound websites, you are redirected to a strange site

Your firewall keeps alerting you

You see emails bouncing back that were sent without your consent

Weird toolbars appear in your web browser

You see charges on your phone bill for 1-900 numbers

Spyware elimination programs like Spybot or Ad-Aware, or Windows Task Manager, only pop up for a moment before disappearing

The Java console appears in your task bar despite not having run any Java software

Virus symptoms

Strange messages or displays on your monitor

Weird sounds or music that plays on your computer at random

Disappearing device memory

Disk or volume name has been changed

Missing programs or files

Unknown programs or files that appear on your computer

Files that become corrupt or don’t work properly

3. Clicking Foreign Email Links

Employees are still neglecting to exercise caution when they receive an email link. In their defense, cybercriminals are coming up with some impressive disguises. But regardless, your employees need to consider two things before even thinking about clicking an email link:

Check the sender’s email address. Does it make sense? E.g. if the subject line and message claim to be from Chase Bank, but the sender’s email is from a Gmail account — the email is definitely a scam.

Check the body of the email for broken English or major grammatical errors. In most cases, email attacks come from overseas.
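
The sender check described above can be automated at the mail gateway or in a reporting tool. The following is an added example, not part of the original post: it compares the brand named in the display name or subject line with the domain the message was actually sent from. The brand-to-domain table, the freemail list and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list for illustration: brand keyword -> domains it really sends from.
BRAND_DOMAINS = {"chase": {"chase.com"}}
# Assumed list of free webmail providers a bank would not send from.
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}

def domain_matches(domain, allowed):
    """True if domain is an allowed domain or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw):
    """Return findings where the claimed brand and the sending domain disagree."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # What the message *claims* to be: display name plus subject line.
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand in claimed and not domain_matches(domain, allowed):
            kind = "freemail" if domain in FREEMAIL else "unrelated"
            findings.append(f"claims {brand} but sent from {kind} domain {domain}")
    return findings

# Constructed sample messages (not real mail).
PHISH = ('From: "Chase Bank" <chase.alerts2014@gmail.com>\n'
         "Subject: Your Chase account has been locked\n\nClick here.\n")
LOOKALIKE = ('From: "Chase Security" <no-reply@chase.com.example.net>\n'
             "Subject: Verify your details\n\nClick here.\n")
LEGIT = ('From: "Chase" <no-reply@alerts.chase.com>\n'
         "Subject: Your Chase statement is ready\n\nLog in as usual.\n")

if __name__ == "__main__":
    for name, raw in (("phish", PHISH), ("lookalike", LOOKALIKE), ("legit", LEGIT)):
        print(name, check_sender(raw) or "no mismatch")
```

A message that passes this check is not proven safe; it only means the visible sender address is consistent with the brand it claims.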

4. Not Adhering to the Company BYOD Policy

Nearly 50 percent of companies that allow BYOD have experienced a data breach. And 30 percent of employees admit their organization doesn’t even have a BYOD policy! Your first mistake is allowing BYOD and not having a strict set of guidelines for employees to follow. But even if you do, here’s where employees go wrong:

They sell an old device without wiping it clean, leaving potentially confidential information behind.

They don’t report security problems to their organization.

5. Leaving Workstations Logged in and Unattended

It’s worth repeating…24 percent of employee-induced cybersecurity breaches are of malicious intent. And one of the ways employees get away with this sort of crime is by using someone else's computer to do their damage. Employees need to make logging out a habit. Better yet, set up each computer station to automatically log users out after a predetermined period of inactivity.

6. Sharing Login Credentials

Refer to number 5. Sharing login credentials is like handing a bad employee a crutch. If they’re looking to maliciously jeopardize your confidential information — snagging someone else's login credentials is their free ticket in and out.

7. Not Keeping Programs Up to Date (i.e. Java, Adobe, etc.)

Software isn’t perfect, and as the world evolves, so too must programs to account for changes. Updates get a bad rap because at times, they can do funny things to your devices. But each time an update is offered, there’s usually a new security patch included. Failure to keep up with these updates means your employees are leaving programs (and subsequently, computers and attached networks) unnecessarily susceptible to attacks.

Even if you do everything in your power to protect your business, a cyber attack is a possibility that should not be taken lightly. Consider partnering with a vCIO for added security and support. A vCIO will not only conduct regular assessments to ensure the gaps in your security strategy are closed, but they will also lead resolution should a breach occur.